Guidelines for the Advancement of Information Security in the Financial Sector for 2023–2025 approved

To combat fraud, the Bank of Russia is going to improve the mechanism for the reimbursement of stolen funds. The regulator plans to increase the quality of malefactors’ payment details in banks’ information exchange and to counteract the so‑called droppers using economic barriers. The document provides for the option of a self-ban on raising online loans and microloans and a tightening of the requirements for checking potential borrowers before approving their loan applications. In addition, the Bank of Russia is going to engage communication operators in the work aimed at combating telephone fraud and arrange the exchange of information about subscribers between communication operators and banks.

Besides, the regulator suggests that fraud victims should have the opportunity to submit a complaint about money theft to the police through the Public Services Portal or banks’ online platforms. As a result, the law enforcement bodies will receive the information about fraudsters more quickly, and banks will be able to promptly take into account these data in their anti-fraud schemes. The attack scenario for cyber trainings will be expanded and made more complex. The regulator has been carrying out these trainings with banks annually beginning from 2019.

The Bank of Russia also focuses on financial institutions’ transition to domestic information technologies and will be controlling this process (the relevant law was signed on 13 June 2023). The Bank of Russia will continue to form the conditions for the safe deployment of digital and payment technologies by enhancing the regulation and other mechanisms, as well as by developing cyber security standards.

In the course of the preparation of the document, the regulator took into account the suggestions received after its public discussion with financial institutions.